<a href="http://github.com/angular/angular.js/edit/master/docs/content/error/sce/insecurl.ngdoc" class="improve-docs btn btn-primary"><i class="icon-edit"> </i> Improve this doc</a><h1><code ng:non-bindable="">Processing of a Resource from Untrusted Source Blocked</code>
<div><span class="hint">error in component <code ng:non-bindable="">$sce</code>
</span>
</div>
</h1>
<div><pre class="minerr-errmsg" error-display="Blocked loading resource from url not allowed by $sceDelegate policy.  URL: {0}">Blocked loading resource from url not allowed by $sceDelegate policy.  URL: {0}</pre>
<h2 id="description">Description</h2>
<div class="description"><div class="-sce-page -sce-insecurl-page"><p>AngularJS&#39; <a href="api/ng.$sce"><code>Strict Contextual Escaping (SCE)</code></a> mode (enabled by default) has blocked loading a resource from an insecure URL.</p>
<p>Typically, this would occur if you&#39;re attempting to load an Angular template from an untrusted source.
It&#39;s also possible that a custom directive threw this error for a similar reason.</p>
<p>Angular only loads templates from trusted URLs (by calling <a href="api/ng.$sce#methods_gettrustedresourceurl"><code>$sce.getTrustedResourceUrl</code></a> on the template URL).</p>
<p>By default, only URLs that belong to the same origin are trusted. These are urls with the same domain and protocol as the application document.</p>
<p>The <a href="api/ng.directive:ngInclude"><code>ngInclude</code></a> directive and <a href="guide/directive">directives</a> that specify a <code>templateUrl</code> require a trusted resource URL.</p>
<p>To load templates from other domains and/or protocols, either adjust the <a href="api/ng.$sceDelegateProvider#methods_resourceurlwhitelist"><code>whitelist</code></a>/ <a href="api/ng.$sceDelegateProvider#methods_resourceurlblacklist"><code>blacklist</code></a> or wrap the URL with a call to <a href="api/ng.$sce#methods_trustasresourceurl"><code>$sce.trustAsResourceUrl</code></a>.</p>
<p><strong>Note</strong>: The browser&#39;s <a href="https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_XMLHttpRequest">Same Origin Policy</a> and <a href="http://www.w3.org/TR/cors/">Cross-Origin Resource Sharing (CORS)</a> policy apply
that may further restrict whether the template is successfully loaded.  (e.g.  neither cross-domain
requests won&#39;t work on all browsers nor <code>file://</code> requests on some browsers)</p>
</div></div>
</div>
